aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch/ssl_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/test/dispatch/ssl_test.rb')
-rw-r--r--actionpack/test/dispatch/ssl_test.rb186
1 files changed, 85 insertions, 101 deletions
diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb
index 668b2b6cfe..e29ffa750c 100644
--- a/actionpack/test/dispatch/ssl_test.rb
+++ b/actionpack/test/dispatch/ssl_test.rb
@@ -1,7 +1,7 @@
-require 'abstract_unit'
+require "abstract_unit"
class SSLTest < ActionDispatch::IntegrationTest
- HEADERS = Rack::Utils::HeaderHash.new 'Content-Type' => 'text/html'
+ HEADERS = Rack::Utils::HeaderHash.new "Content-Type" => "text/html"
attr_accessor :app
@@ -12,26 +12,16 @@ class SSLTest < ActionDispatch::IntegrationTest
end
class RedirectSSLTest < SSLTest
-
- def assert_not_redirected(url, headers: {}, redirect: {}, deprecated_host: nil,
- deprecated_port: nil)
-
- self.app = build_app ssl_options: { redirect: redirect,
- host: deprecated_host, port: deprecated_port
- }
-
+ def assert_not_redirected(url, headers: {}, redirect: {})
+ self.app = build_app ssl_options: { redirect: redirect }
get url, headers: headers
assert_response :ok
end
- def assert_redirected(redirect: {}, deprecated_host: nil, deprecated_port: nil,
- from: 'http://a/b?c=d', to: from.sub('http', 'https'))
-
+ def assert_redirected(redirect: {}, from: "http://a/b?c=d", to: from.sub("http", "https"))
redirect = { status: 301, body: [] }.merge(redirect)
- self.app = build_app ssl_options: { redirect: redirect,
- host: deprecated_host, port: deprecated_port
- }
+ self.app = build_app ssl_options: { redirect: redirect }
get from
assert_response redirect[:status] || 301
@@ -39,130 +29,124 @@ class RedirectSSLTest < SSLTest
assert_equal redirect[:body].join, @response.body
end
- test 'exclude can avoid redirect' do
- excluding = { exclude: -> request { request.path =~ /healthcheck/ } }
+ def assert_post_redirected(redirect: {}, from: "http://a/b?c=d",
+ to: from.sub("http", "https"))
+
+ self.app = build_app ssl_options: { redirect: redirect }
- assert_not_redirected 'http://example.org/healthcheck', redirect: excluding
- assert_redirected from: 'http://example.org/', redirect: excluding
+ post from
+ assert_response redirect[:status] || 307
+ assert_redirected_to to
end
- test 'https is not redirected' do
- assert_not_redirected 'https://example.org'
+ test "exclude can avoid redirect" do
+ excluding = { exclude: -> request { request.path =~ /healthcheck/ } }
+
+ assert_not_redirected "http://example.org/healthcheck", redirect: excluding
+ assert_redirected from: "http://example.org/", redirect: excluding
end
- test 'proxied https is not redirected' do
- assert_not_redirected 'http://example.org', headers: { 'HTTP_X_FORWARDED_PROTO' => 'https' }
+ test "https is not redirected" do
+ assert_not_redirected "https://example.org"
end
- test 'http is redirected to https' do
- assert_redirected
+ test "proxied https is not redirected" do
+ assert_not_redirected "http://example.org", headers: { "HTTP_X_FORWARDED_PROTO" => "https" }
end
- test 'redirect with non-301 status' do
- assert_redirected redirect: { status: 307 }
+ test "http is redirected to https" do
+ assert_redirected
end
- test 'redirect with custom body' do
- assert_redirected redirect: { body: ['foo'] }
+ test "http POST is redirected to https with status 307" do
+ assert_post_redirected
end
- test 'redirect to specific host' do
- assert_redirected redirect: { host: 'ssl' }, to: 'https://ssl/b?c=d'
+ test "redirect with non-301 status" do
+ assert_redirected redirect: { status: 307 }
end
- test 'redirect to default port' do
- assert_redirected redirect: { port: 443 }
+ test "redirect with custom body" do
+ assert_redirected redirect: { body: ["foo"] }
end
- test 'redirect to non-default port' do
- assert_redirected redirect: { port: 8443 }, to: 'https://a:8443/b?c=d'
+ test "redirect to specific host" do
+ assert_redirected redirect: { host: "ssl" }, to: "https://ssl/b?c=d"
end
- test 'redirect to different host and non-default port' do
- assert_redirected redirect: { host: 'ssl', port: 8443 }, to: 'https://ssl:8443/b?c=d'
+ test "redirect to default port" do
+ assert_redirected redirect: { port: 443 }
end
- test 'redirect to different host including port' do
- assert_redirected redirect: { host: 'ssl:443' }, to: 'https://ssl:443/b?c=d'
+ test "redirect to non-default port" do
+ assert_redirected redirect: { port: 8443 }, to: "https://a:8443/b?c=d"
end
- test ':host is deprecated, moved within redirect: { host: … }' do
- assert_deprecated do
- assert_redirected deprecated_host: 'foo', to: 'https://foo/b?c=d'
- end
+ test "redirect to different host and non-default port" do
+ assert_redirected redirect: { host: "ssl", port: 8443 }, to: "https://ssl:8443/b?c=d"
end
- test ':port is deprecated, moved within redirect: { port: … }' do
- assert_deprecated do
- assert_redirected deprecated_port: 1, to: 'https://a:1/b?c=d'
- end
+ test "redirect to different host including port" do
+ assert_redirected redirect: { host: "ssl:443" }, to: "https://ssl:443/b?c=d"
end
- test 'no redirect with redirect set to false' do
- assert_not_redirected 'http://example.org', redirect: false
+ test "no redirect with redirect set to false" do
+ assert_not_redirected "http://example.org", redirect: false
end
end
class StrictTransportSecurityTest < SSLTest
- EXPECTED = 'max-age=15552000'
- EXPECTED_WITH_SUBDOMAINS = 'max-age=15552000; includeSubDomains'
+ EXPECTED = "max-age=15552000"
+ EXPECTED_WITH_SUBDOMAINS = "max-age=15552000; includeSubDomains"
- def assert_hsts(expected, url: 'https://example.org', hsts: { subdomains: true }, headers: {})
+ def assert_hsts(expected, url: "https://example.org", hsts: { subdomains: true }, headers: {})
self.app = build_app ssl_options: { hsts: hsts }, headers: headers
get url
- assert_equal expected, response.headers['Strict-Transport-Security']
+ assert_equal expected, response.headers["Strict-Transport-Security"]
end
- test 'enabled by default' do
+ test "enabled by default" do
assert_hsts EXPECTED_WITH_SUBDOMAINS
end
- test 'not sent with http:// responses' do
- assert_hsts nil, url: 'http://example.org'
+ test "not sent with http:// responses" do
+ assert_hsts nil, url: "http://example.org"
end
- test 'defers to app-provided header' do
- assert_hsts 'app-provided', headers: { 'Strict-Transport-Security' => 'app-provided' }
+ test "defers to app-provided header" do
+ assert_hsts "app-provided", headers: { "Strict-Transport-Security" => "app-provided" }
end
- test 'hsts: true enables default settings' do
- assert_hsts EXPECTED, hsts: true
+ test "hsts: true enables default settings" do
+ assert_hsts EXPECTED_WITH_SUBDOMAINS, hsts: true
end
- test 'hsts: false sets max-age to zero, clearing browser HSTS settings' do
- assert_hsts 'max-age=0', hsts: false
+ test "hsts: false sets max-age to zero, clearing browser HSTS settings" do
+ assert_hsts "max-age=0; includeSubDomains", hsts: false
end
- test ':expires sets max-age' do
- assert_deprecated do
- assert_hsts 'max-age=500', hsts: { expires: 500 }
- end
+ test ":expires sets max-age" do
+ assert_hsts "max-age=500; includeSubDomains", hsts: { expires: 500 }
end
- test ':expires supports AS::Duration arguments' do
- assert_deprecated do
- assert_hsts 'max-age=31557600', hsts: { expires: 1.year }
- end
+ test ":expires supports AS::Duration arguments" do
+ assert_hsts "max-age=31557600; includeSubDomains", hsts: { expires: 1.year }
end
- test 'include subdomains' do
+ test "include subdomains" do
assert_hsts "#{EXPECTED}; includeSubDomains", hsts: { subdomains: true }
end
- test 'exclude subdomains' do
+ test "exclude subdomains" do
assert_hsts EXPECTED, hsts: { subdomains: false }
end
- test 'opt in to browser preload lists' do
- assert_deprecated do
- assert_hsts "#{EXPECTED}; preload", hsts: { preload: true }
- end
+ test "opt in to browser preload lists" do
+ assert_hsts "#{EXPECTED_WITH_SUBDOMAINS}; preload", hsts: { preload: true }
end
- test 'opt out of browser preload lists' do
- assert_deprecated do
- assert_hsts EXPECTED, hsts: { preload: false }
- end
+ test "opt out of browser preload lists" do
+ assert_hsts EXPECTED_WITH_SUBDOMAINS, hsts: { preload: false }
end
end
@@ -171,60 +155,60 @@ class SecureCookiesTest < SSLTest
def get(**options)
self.app = build_app(**options)
- super 'https://example.org'
+ super "https://example.org"
end
def assert_cookies(*expected)
- assert_equal expected, response.headers['Set-Cookie'].split("\n")
+ assert_equal expected, response.headers["Set-Cookie"].split("\n")
end
def test_flag_cookies_as_secure
- get headers: { 'Set-Cookie' => DEFAULT }
- assert_cookies 'id=1; path=/; secure', 'token=abc; path=/; secure; HttpOnly'
+ get headers: { "Set-Cookie" => DEFAULT }
+ assert_cookies "id=1; path=/; secure", "token=abc; path=/; secure; HttpOnly"
end
def test_flag_cookies_as_secure_at_end_of_line
- get headers: { 'Set-Cookie' => 'problem=def; path=/; HttpOnly; secure' }
- assert_cookies 'problem=def; path=/; HttpOnly; secure'
+ get headers: { "Set-Cookie" => "problem=def; path=/; HttpOnly; secure" }
+ assert_cookies "problem=def; path=/; HttpOnly; secure"
end
def test_flag_cookies_as_secure_with_more_spaces_before
- get headers: { 'Set-Cookie' => 'problem=def; path=/; HttpOnly; secure' }
- assert_cookies 'problem=def; path=/; HttpOnly; secure'
+ get headers: { "Set-Cookie" => "problem=def; path=/; HttpOnly; secure" }
+ assert_cookies "problem=def; path=/; HttpOnly; secure"
end
def test_flag_cookies_as_secure_with_more_spaces_after
- get headers: { 'Set-Cookie' => 'problem=def; path=/; secure; HttpOnly' }
- assert_cookies 'problem=def; path=/; secure; HttpOnly'
+ get headers: { "Set-Cookie" => "problem=def; path=/; secure; HttpOnly" }
+ assert_cookies "problem=def; path=/; secure; HttpOnly"
end
def test_flag_cookies_as_secure_with_has_not_spaces_before
- get headers: { 'Set-Cookie' => 'problem=def; path=/;secure; HttpOnly' }
- assert_cookies 'problem=def; path=/;secure; HttpOnly'
+ get headers: { "Set-Cookie" => "problem=def; path=/;secure; HttpOnly" }
+ assert_cookies "problem=def; path=/;secure; HttpOnly"
end
def test_flag_cookies_as_secure_with_has_not_spaces_after
- get headers: { 'Set-Cookie' => 'problem=def; path=/; secure;HttpOnly' }
- assert_cookies 'problem=def; path=/; secure;HttpOnly'
+ get headers: { "Set-Cookie" => "problem=def; path=/; secure;HttpOnly" }
+ assert_cookies "problem=def; path=/; secure;HttpOnly"
end
def test_flag_cookies_as_secure_with_ignore_case
- get headers: { 'Set-Cookie' => 'problem=def; path=/; Secure; HttpOnly' }
- assert_cookies 'problem=def; path=/; Secure; HttpOnly'
+ get headers: { "Set-Cookie" => "problem=def; path=/; Secure; HttpOnly" }
+ assert_cookies "problem=def; path=/; Secure; HttpOnly"
end
def test_cookies_as_not_secure_with_secure_cookies_disabled
- get headers: { 'Set-Cookie' => DEFAULT }, ssl_options: { secure_cookies: false }
+ get headers: { "Set-Cookie" => DEFAULT }, ssl_options: { secure_cookies: false }
assert_cookies(*DEFAULT.split("\n"))
end
def test_no_cookies
get
- assert_nil response.headers['Set-Cookie']
+ assert_nil response.headers["Set-Cookie"]
end
def test_keeps_original_headers_behavior
- get headers: { 'Connection' => %w[close] }
- assert_equal 'close', response.headers['Connection']
+ get headers: { "Connection" => %w[close] }
+ assert_equal "close", response.headers["Connection"]
end
end